The problem is that attacker can modify ping's output without having direct access to this program. Example:
ilya@juil:~$ ping www.aha.ru PING distributed.zenon.net (195.2.91.103): 56 data bytes ^^^^^^^^^^^^^^^^^^^^^ 64 bytes from 195.2.91.103: icmp_seq=0 ttl=120 time=69.3 ms 64 bytes from 195.2.91.103: icmp_seq=1 ttl=120 time=64.6 ms
Note that ping (at least its version on my Linux desktop) queries DNS to find canonic name of pinged host. Since attacker controls networking address of pinged computer and may potentialy control corresponding DNS server he can control this part of ping's output. In general if you use output of any networking program you must be extra careful about it. There are many ways how attacker can tamper it without having direct access to your computer.
--
Ilya Martynov, ilya@iponweb.net
CTO IPonWEB (UK) Ltd
Quality Perl Programming and Unix Support
UK managed @ offshore prices - http://www.iponweb.net
Personal website - http://martynov.org
In reply to Re: Re: Re: Re: Ping from HTML
by IlyaM
in thread Ping from HTML
by fouttyw
| For: | Use: | ||
| & | & | ||
| < | < | ||
| > | > | ||
| [ | [ | ||
| ] | ] |